Skip to main content

Rights — Roles / Menus

The Rights — Roles / Menus screen joins the role-level rights matrix to the menu tree, with the licence component carried on each row. One line per (Application, Role, Object) triplet, restricted to rules where SER_USER_ID = '*ROLE' and SER_RUN = 'Y'. The menu breadcrumb (root + up to 9 levels) tells how a holder of the role would reach the object from the menu.

It is the cleanest view to discuss with a role owner: "here is everything your role grants, organised the way users actually browse it".

At a glance

Nomasx-1 · Applications · Rights · Roles / MenusROLEROOTLEVEL 1LEVEL 2OBJECTFORMCOMPONENTACCT_APG0911Accounts PayableDaily ProcessingP0411W0411AFinancialsACCT_APG0911Accounts PayableSetupP0401W0401AFinancialsAPPROVERG43ProcurementApprovalP43081W43081ADistributionACCT_AP— (no menu)Right granted but no menu pathP03B11W03B11AFinancialsACCT_AP role · 87 entries · 2 with no navigation

Goal of the view

For each role on a connected application:

  • The full inventory of what the role grants. Object, form, version + the menu path. Hand it to the role owner during the access review.
  • Per-component breakdown. The Component column lets you measure how much of which licence the role consumes — useful before approving a new role.
  • Hidden grants. Rows with no menu path point to rights with no navigation — the easiest target for cleanup since users cannot reach them through the standard UI.

Columns

ColumnSourceWhat it tells you
Application IDSER_APPS_ID — application identifier. Filterable.Which application the right applies to.
Role IDSER_ROLE_ID — role granting the right. Filterable, scoped to the application.The role the rule belongs to.
ComponentCPT_ID — licence component. Filterable.The licence bucket the right falls under.
ObjectSER_OBJECT — technical object. Filterable, scoped to the application.What the role unlocks.
FormSERL_FORM — form code within the object.Specific form.
VersionSER_VERSION — processing version.Configuration variant.
Run / Add / Change / DeleteSER_RUN, SER_ADD, SER_CHG, SER_DELY / N.Action flags.
Root / Menu ID / Level 1 — 9MENU_ROOT, MENU_ID, MENU_LEVEL1MENU_LEVEL9 — text.Menu breadcrumb. Empty when no menu path reaches the right.
SequenceMENU_SEQ_UKID — internal stable sequence.Used to keep menu rows in a deterministic order.

Tips & best practices

  • Filter by Role ID + sort by Level 1 to produce the per-role deliverable used in the access review.
  • Filter by Component to extract every right a role brings under a specific licence — the data you need before renegotiating component volumes.
  • Rows with empty Root are rights the role grants but no menu navigates to. They are typically the leftover of a removed menu entry that nobody trimmed in the security rights.
  • Cross-reference with Roles not used — a role with very few menu paths is a candidate for retirement.